Question : Suspect Network (DNS/AD?) Comms Issues
Howdy Folks,
Last Thursday I applied a few routine MS updates to our Win2000 servers (these had already auto-applied to workstations so I'm not accusing the updates of causing damage... yet) which required reboots... We've got 1 parent domain and 3 child domains all at different sites (vpn'ed across the net)... since this reboot, I've noticed that I can't do some standard things, like remotely view event logs on these servers (it connects but shows slightly different icons where each event should be, and shows no event id, description, etc), and also I am unable to remote administer via terminal services (again, the connection is made, ie: the screen goes black, but then doesn't change to the login screen)...
Exchange 2000 services (info store) had to be started manually on 2 of the servers after the reboot... After another reboot on our server in the parent domain today, the System Attendant is in a start-pending state, so I can't stop it to try restarting... it's been like that for a couple of hours now...
Aside from the exchange events that you could expect from this (dependency issues), I have a number of other warning or error logs in there which weren't there before:
This first one I've never ever noticed before, but can't say for sure that it's never been there,.. logs don't go back far enough to the last restart... but the server's on the network so I don't know if it's really affecting anything...

Event Type: Warning
Event Source: E100B
Event Category: None
Event ID: 8
Description: Adapter Intel(R) 82559 Fast Ethernet LAN on Motherboard: Did not receive auto-negotiation advertisement from link partner. A duplex mismatch may occur.
Data:
0000: 00 00 04 00 02 00 58 00 ......X.
0008: 00 00 00 00 08 00 04 80 .......
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 08 00 04 80 ...

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Description: Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller eihffs.EIHF.ORG for FRS replica set configuration information. Could not find computer object for this computer. Will try again at next polling cycle.

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 61
Description: WMI ADAP was unable to process the RemoteAccess performance library due to a time violation in the open function

Event Type: Warning
Event Source: IMAP4SVC
Event Category: General
Event ID: 1036
Description: An error occurred while starting the Microsoft Exchange IMAP4 Service: server instance number 1 failed to start with error 0x80040a01.
Data:
0000: 79 01 2d 00 y.-.

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 61
Description: WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function

Event Type: Error
Event Source: IISInfoCtrs
Event Category: None
Event ID: 1003
Description: Unable to query the IIS Info service performance data. The error code returned by the service is data DWORD 0.
Data:
0000: ba 06 00 00 º...

Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Description: Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.
Data:
0000: b4 05 00 00 ´...
I haven't had a chance to assess our servers at the other sites, mainly because I can't remotely read the event logs or connect with terminal services... The child servers SEEM to be behaving themselves (or I'd potentially get a lot of calls) but I've got one around the corner which I'll check for any leads shortly...
I'm dehydrated, so my brain's not working well, but the fact that terminal services and remote event viewers are failing, would indicate that it's a fundamental network problem and not anything to do so much with DNS and AD? I've got results from a NETDIAG, and the only negative thing I can see is "[WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets"... DCDIAG will not finish (well, it's been running for a couple of hours now... the last thing dcdiag has posted is "Starting test: MachineAccount" and it's just sitting there...
Just over 2 weeks ago I adjusted my DNS forwarders at our child domains and everything has been running beautifully since... if anyone can offer some insight, I'm all ears and much appreciative,.. more info provided if needs be of course... I'll go check that other server now........
Cheers, Herb
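Added example, not part of the original post: a small Python parser for Event Viewer text pasted in the flattened form above, which groups records so the link-layer warning is kept apart from the DNS and directory ones. The sample records are constructed and abridged from the post, and the keyword buckets are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three records from the post, abridged, one per line
# the way Event Viewer text often arrives when pasted.
SAMPLE = """\
Event Type: Warning Event Source: E100B Event Category: None Event ID: 8 Description: Adapter Intel(R) 82559 Fast Ethernet LAN on Motherboard: Did not receive auto-negotiation advertisement from link partner. A duplex mismatch may occur. Data: 0000: 00 00 04 00
Event Type: Warning Event Source: NtFrs Event Category: None Event ID: 13562 Description: Could not find computer object for this computer. Will try again at next polling cycle.
Event Type: Warning Event Source: NETLOGON Event Category: None Event ID: 5781 Description: Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available. Data: 0000: b4 05 00 00
"""

# One record: fixed field order, description ends at "Data:", the next
# record, or end of input. The hex dump after "Data:" is skipped.
RECORD = re.compile(
    r"Event Type:\s*(?P<type>\w+)\s+"
    r"Event Source:\s*(?P<source>\S+)\s+"
    r"Event Category:\s*(?P<category>.+?)\s+"
    r"Event ID:\s*(?P<id>\d+)\s+"
    r"Description:\s*(?P<desc>.*?)"
    r"(?=\s+Data:|\s*Event Type:|\s*\Z)",
    re.DOTALL,
)

# Hypothetical keyword buckets for a first-pass sort; tune them as needed.
BUCKETS = {
    "name-resolution/directory": ("dns", "domain controller", "computer object"),
    "link-layer": ("auto-negotiation", "duplex"),
}

def parse_events(text):
    """Return one dict per event record found in the pasted text."""
    return [
        {"type": m["type"], "source": m["source"], "id": int(m["id"]),
         "desc": " ".join(m["desc"].split())}
        for m in RECORD.finditer(text)
    ]

def triage(events):
    """Group (source, id) pairs by the first bucket whose keyword matches."""
    grouped = defaultdict(list)
    for ev in events:
        desc = ev["desc"].lower()
        bucket = next((name for name, keys in BUCKETS.items()
                       if any(k in desc for k in keys)), "other")
        grouped[bucket].append((ev["source"], ev["id"]))
    return dict(grouped)

if __name__ == "__main__":
    for bucket, hits in triage(parse_events(SAMPLE)).items():
        print(bucket, hits)
```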
Answer : Suspect Network (DNS/AD?) Comms Issues
Ok. You installed a few patches and just after it some of your computer's services are not working properly.
If you can ping it, hardware is probably fine... Maybe some corruption during install?
Do you have any third-party software installed like VPN or Firewall?
KB893066 does something with networking. Have you checked this link?
http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
This is KB893066 related, performance issues... http://support.microsoft.com/kb/890345/
On this, at the bottom, you have the win2k reference: http://support.microsoft.com/kb/898060/
Try plugging your machine into the Dell switch. Maybe it helps... If not, try resetting the TCP/IP stack using Netsh and reboot. Check your IP, netmask and gateway after.
Next move, uninstall KB893066. Test, reinstall it... test
If it doesn't give any clues, uninstall all the last six vulnerability fixes, and install them one by one, rebooting. Maybe you just have a problem during install...
Luck,